I have a wenb applicatoin based on Spring and I am implementing Spring Security 3.1.
What I need is to be able to automatically redirect to login page, when the configured session-timeout occurs. I am implemting web pages containing a lot of jQuery functionality, so I need to be able to automatically redirect.
What currently happens, when the session-timeout passes, it's not until an action is performed - page submission that it redirects to the login page.
my spring-security.xml:
<http auto-config="true" disable-url-rewriting="true">
<intercept-url pattern="/test/user*" access="ROLE_USER, ROLE_ADMIN" />
<intercept-url pattern="/test/admin" access="ROLE_ADMIN" />
<form-login login-page="/test/login"
default-target-url="/test/home"
authentication-failure-url="/test/loginfailed" />
<logout invalidate-session="true" logout-success-url="/test/logout" />
<!--
<session-management invalid-session-url="/test/login">
<concurrency-control max-sessions="1" error-if-maximum-exceeded="true"/>
</session-management>
-->
</http>
And in my web.xml I have:
<!-- Web Session Timeout (mins) -->
<session-config>
<session-timeout>10</session-timeout>
</session-config>
I don't think you will need to do it yourself, Spring pretty much handles this itself. That's the greatness of Spring!
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With